Distributed Database Deployment
In a distributed database deployment, the Cortex XSOAR
app server and its databases are installed on separate machines.
This multi-tier configuration enables
you to scale your environment and manage load resources. Cortex
XSOAR supports two types of multi-tier configurations. In both multi-tier
configuration types, there is a single app server.
Although a distributed database deployment
might enhance performance, there are various factors that must be
considered. This might not be the preferred deployment method for
you. Contact your Cortex XSOAR Customer Success manager before you
implement a distributed database deployment. As of Cortex XSOAR
v6.5, distributed database deployments are not supported. If you plan
to upgrade to Cortex XSOAR v6.5, we recommend Elasticsearch instead
of a distributed database.
Using BoltDB for a remote distributed database can cause
performance issues when working with large (over 5 MB) incident
file attachments. If you anticipate working with large file attachments
and a remote distributed database, we recommend using Elasticsearch.
Single database server
When you deploy Cortex XSOAR with a single app server
and a single database server, the database server is considered
the main database, on which all content is stored.
Multiple database servers
When you deploy Cortex XSOAR with a single app server
and multiple database servers, the first database you install is
considered the main database and all additional database servers
you install are considered secondary nodes.
The main database server maintains all content that is not an
incident or related to an incident, such as playbooks, automations,
integrations, and so on.
The nodes maintain all incidents and their related data, for
example, the playbook used when processing the specific incident
or indicators extracted from the specific incident. Incidents are
distributed between the different secondary nodes using a round-robin
system.
- You must ensure that ports 443 and 50001 are open from the app server to the database servers. In addition, port 443 needs to be open while you are initially registering a database node.
- Each database server, main and nodes, must have its own disaster recovery configured.
